oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/nginx: small refactor

This commit is contained in:
Oystein Kristoffer Tveit 2023-07-28 21:58:17 +02:00
parent e6605b3a73
commit c2026eefeb
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
hosts/tsuki/services/nginx/default.nix
View File

@ -21,36 +21,41 @@
generateServerAliases = generateServerAliases =
domains: subdomains: domains: subdomains:
lib.lists.flatten (map (s: map (d: "${s}.${d}") domains) subdomains); lib.lists.flatten (map (s: map (d: "${s}.${d}") domains) subdomains);
s = toString; s = toString;
in { in {
enable = true; enable = true;
enableReload = true; enableReload = true;
statusPage = true; statusPage = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedZstdSettings = true;
upstreams = let inherit (secrets) ips ports; in { upstreams = let
"atuin".servers."localhost:${s config.services.atuin.port}" = { }; inherit (secrets) ips ports;
srv = config.services;
in {
"atuin".servers."localhost:${s srv.atuin.port}" = { };
"dynmap".servers."localhost:${s ports.minecraft.dynmap}" = { }; "dynmap".servers."localhost:${s ports.minecraft.dynmap}" = { };
"gitea".servers."unix:/run/gitea/gitea.sock" = { }; "gitea".servers."unix:/run/gitea/gitea.sock" = { };
"grafana".servers."unix:/run/grafana/grafana.sock" = { }; "grafana".servers."unix:/run/grafana/grafana.sock" = { };
"headscale".servers."localhost:${s config.services.headscale.port}" = { }; "headscale".servers."localhost:${s srv.headscale.port}" = { };
"hedgedoc".servers."unix:${config.services.hedgedoc.settings.path}" = { }; "hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { };
"hydra".servers."localhost:${s config.services.hydra.port}" = { }; "hydra".servers."localhost:${s srv.hydra.port}" = { };
"idrac".servers."${ips.idrac}" = { }; "idrac".servers."${ips.idrac}" = { };
"invidious".servers."localhost:${s config.services.invidious.port}" = { }; "invidious".servers."localhost:${s config.services.invidious.port}" = { };
"jupyter".servers."unix:/run/jupyter/jupyter.sock" = { }; "jupyter".servers."unix:/run/jupyter/jupyter.sock" = { };
"kanidm".servers."localhost:8300" = { }; "kanidm".servers."localhost:8300" = { };
"osuchan".servers."localhost:${s ports.osuchan}" = { }; "osuchan".servers."localhost:${s ports.osuchan}" = { };
"pgadmin".servers."unix:${config.services.uwsgi.instance.vassals.pgadmin.socket}" = { }; "pgadmin".servers."unix:${srv.uwsgi.instance.vassals.pgadmin.socket}" = { };
"plex".servers."localhost:${s ports.plex}" = { }; "plex".servers."localhost:${s ports.plex}" = { };
"proxmox".servers."${ips.px1}:${s ports.proxmox}" = { }; "proxmox".servers."${ips.px1}:${s ports.proxmox}" = { };
"vaultwarden".servers."localhost:${s config.services.vaultwarden.config.ROCKET_PORT}" = { }; "vaultwarden".servers."localhost:${s srv.vaultwarden.config.ROCKET_PORT}" = { };
}; };
virtualHosts = let virtualHosts = let
@ -69,6 +74,7 @@
serverAliases = drop 1 (generateServerAliases domains subdomains); serverAliases = drop 1 (generateServerAliases domains subdomains);
useACMEHost = "nani.wtf"; useACMEHost = "nani.wtf";
forceSSL = true; forceSSL = true;
kTLS = true;
extraConfig = '' extraConfig = ''
ssl_client_certificate ${cloudflare-origin-pull-ca}; ssl_client_certificate ${cloudflare-origin-pull-ca};